THE FRAUD TRIANGLE
The sides forming the standard business fraud triangle are opportunity, pressure, and rationalization. While the triangle was developed well before we became worried about insider threats to information security, its principles hold up as a basic outline for an insider threat prevention plan.
A brief summary courtesy of www.mncpa.org:
We can adapt the triangle to specifically address insider threats to information security:
Opportunity: Reducing employees' opportunity to successfully commit malicious activity or inadvertently leak information is the most effective strategy for preventing insider attacks. Implementing separation of duties, documenting privileged account activity, and conducting behavioral analysis all reduce the chance of a successful insider attack. When employees know there is a high likelihood they will be held accountable, they are far less likely to attempt an attack or ignore known security protocols.
Rationalization: Educating employees about mandatory security protocols and what constitutes unethical or illegal activity makes it more difficult for employees to rationalize poor behavior. Two of the most common problems associated with insiders are employees who take sensitive data home in order to continue working on their project and employees who take sensitive data with them when they leave the company.
Without proper training, both of these actions are easy to rationalize. “I wanted to continue working from home because I was pressured to meet a deadline,” and “I did the work to develop these leads, or I did the work to create this database” are two rationalizations that can be greatly reduced by clear and consistent employee training.
Pressure: Reducing employees' motivation to conduct insider fraud is possibly the most difficult side of the triangle to deal with. While not necessarily the responsibility of the information security team, creating a positive and supportive work environment that treats employees fairly is critical to reducing employee fraud of all types.
Preventing insider threats is one of the most challenging aspects of securing sensitive information. Protecting against attacks or mistakes from trusted friends and coworkers often feels hopeless. By considering the three sides of the fraud triangle when building our insider threat prevention strategies, we can do our best to attack the roots of the problem.
AristotleInsight is a big data security analytics solution implementing the UDAPE model. The solution collects, links, and organizes security data in order to establish baselines, conduct user behavior analysis, recognize anomalies, and detect advanced persistent threats.